- Reddit links leaked trade deal documents to Russian campaign Today 10:44 AM
- How to stream Alistair Overeem vs. Jairzinho Rozenstruik Today 8:30 AM
- Amazon sends customers condoms and soap instead of Nintendo Switch Today 8:28 AM
- How to live stream Jermall Charlo vs. Dennis Hogan Today 8:00 AM
- Apple TV’s ‘Truth Be Told’ is a criminally dull drama Today 6:00 AM
- Thousands of Uber users have reported sexual assaults, company says Friday 5:40 PM
- ‘Astronomy Club’ reformats the sketch show Friday 4:58 PM
- Trump is concerned America’s toilets too weak Friday 3:53 PM
- Twitter users claim Billie Eilish is ‘over’ because she didn’t like Lady Gaga’s meat dress Friday 2:53 PM
- Nikki Haley says the Confederate flag was fine until Dylann Roof ‘hijacked’ it Friday 2:49 PM
- How emotional labor discourse spawned multiple memes Friday 2:22 PM
- Video of YouTuber Onision threatening ex-girlfriend resurfaces Friday 2:03 PM
- Marianne Williamson embraces anti-vax stance on Facebook Friday 1:58 PM
- Peloton Husband is worried memes will have ‘repercussions’ for his career Friday 1:55 PM
- ‘The Mandalorian’ stumbles as it returns to a familiar planet Friday 1:47 PM
Two members of the Senate Armed Services Committee want the White House to clearly define what constitutes an act of war in cyberspace.
The Cyber Act of War Act, introduced on Tuesday by Sens. Angus King (I-Maine) and Mike Rounds (R-S.D.), would give President Barack Obama 180 days to send the House and Senate defense committees “a policy for determining when an action carried out in cyberspace constitutes an act of war against the United States.”
The policy would need to consider “the ways in which the effects of a cyber attack may be equivalent to the effects of an attack using conventional weapons, including with respect to physical destruction or casualties,” as well as “intangible effects of significant scope, intensity, or duration.”
“By requiring the Administration to define what constitutes an act of war in the cyber domain, this legislation would help our government be better able to respond to cyber-attacks and deter malicious actors from launching them in the first place,” King said in a statement.
“Declaring a cyber attack an act of war could have similar, far-reaching consequences.”
International law strictly governs conduct during war, but cyberwar presents new challenges—including the difficulty of attributing digital attacks that can be routed through intermediary countries—that combine to make cyberspace a largely untested legal zone.
Michael Schmitt, an expert in cyber conflict and the lead author of the Tallinn Manual, a guide to the international law of cyberspace, noted that the international law of war’s three core terms—“use of force,” “armed attack,” and “armed conflict”—are all “highly technical and unsettled when applied to cyber ops.”
“Introducing a new term will only complicate matters,” Schmitt, who chairs the Stockton Center at the U.S. Naval War College, said in an email. He called the bill’s mandate to define cyberwar “interesting, but not horribly feasible.”
Timothy Edgar, a senior fellow at Brown University’s Watson Institute for International Studies and Public Affairs, agreed, calling the bill “a good first step” in an email but adding that “any definition would have to be rather general, given the technical and legal uncertainties.”
Still, said Edgar, who worked on cyber issues as President Obama’s first director of privacy at the National Security Council, “A dialogue between the executive branch and Congress about what cyber attacks should be considered ‘war’ is a useful one to have before a major cyber attack.”
Lawmakers have taken an increasingly active role in cyberspace policy oversight as countries like Russia, China, Iran, and North Korea have refined their offensive cyber operations and begun striking overseas targets.
After a Dec. 23 cyberattack on a Ukrainian power company plunged a significant portion of the country’s western region into darkness, U.S. and Ukrainian investigators identified malware linked to an ethnic Russian hacking group in the company’s networks.
The Ukrainian incident, the first confirmed use of a cyberattack to disrupt physical civilian infrastructure, prompted new worries about the vulnerabilities of U.S. critical infrastructure and led the Obama administration to warn American power companies to harden their systems.
The White House has tried to tamp down cyber tensions with its main rivals. President Obama reached a deal last September with Chinese President Xi Jinping that bars either country from pursuing cyber espionage for commercial purposes. But that deal does not cover political intrusions like the 2015 Office of Personnel Management data breach, which is widely believed to be the work of China’s cyber army.
Jason Healey, a senior research scholar in cyber conflict studies at Columbia University, said in an email that the two senators’ push for a clear definition amounted to “not a very useful bill or debate.”
“After all, there is no definition of what an ‘act of war’ is for any kind of kinetic conflict either,” Healey said. “An ‘act of war’ depends entirely on the circumstances as well as the decision of the head of government—it is not just a national security decision, but ultimately a political decision.”
Edgar expressed hope that the bill’s requirement to define cyberwar, as simplistic as it is, might at least prompt a careful examination of the policy shifts that occur in wartime.
“We are still living with the consequences of what it means to be in a ‘war’ on terrorism, both international and domestic,” he said. “Declaring a cyber attack an act of war could have similar, far-reaching consequences.”
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.